If someone's able to get a memory dump of your running memory, it's not surprising that they're able to extract the encryption keys. Someone correct me if I'm wrong, but I think the window for these attacks is fairly small. This is because it's necessary for the passphrase/encryption key to be in memory, so if your laptop battery dies, the keys aren't going to automatically be in memory upon reboot. I think you're starting to see why we pack up our laptop and take it with us when using the restroom at a coffeeshop, etc.

If you're that concerned about it, epoxy your firewire port. Again, the random guy who steals your system to pawn/eBay probably isn't going to have the knowledge or skills to pull something like that off. You just want the barrier to be high enough that it's more convenient to format and reinstall.

Like they always say - the more you know, the more paranoid you become...

Someone correct me if I'm wrong, but I think the window for these attacks is fairly small.

It depends on what you define as small. I've heard of a cold boot attack (http://en.wikipedia.org/wiki/Cold_boot_attack) performed on live systems (super cool the RAM, then rip it out of the system, and transplant it into a live system) which lasts for long enough to scan for the encryption keys. Once you've got the keys, you can perform offline decryption of the HDD, or (depending on the encryption software) just re-type the password into the compromised machine.

Tom, like we've all been saying for a while now, it all depends on who your threat actors are. In your case, the threat actor is mostly Joe Blogs from the street, so as long as you have some kind of FDE you're probably safe.

ajohnson wrote: I personally use TrueCrypt, but I believe they only offer FDE of the system drive for Windows.

I've read some pretty crazy things about TrueCrypt from "It has backdoors built in it for Law Enforcement" to "You can't do FDE on a Mac on it" to "The creators are nefarious because they don't release code and won't give out their address"

Like most people, when I see "red flags" it just turns me off, whether they are true or not.

The gist of the article is that FileVault2 automatically checks the option to use your Apple ID as another way to log in, and there is no easy way to uncheck that without encrypting and then decrypting your HDD.

Just seems hokey.

If someone's able to get a memory dump of your running memory, it's not surprising that they're able to extract the encryption keys. Someone correct me if I'm wrong, but I think the window for these attacks is fairly small. This is because it's necessary for the passphrase/encryption key to be in memory, so if your laptop battery dies, the keys aren't going to automatically be in memory upon reboot. I think you're starting to see why we pack up our laptop and take it with us when using the restroom at a coffeeshop, etc.

Yes, you have a case!!

If you're that concerned about it, epoxy your firewire port. Again, the random guy who steals your system to pawn/eBay probably isn't going to have the knowledge or skills to pull something like that off. You just want the barrier to be high enough that it's more convenient to format and reinstall.

I had the same idea, although you'd hate to mess up a pretty new MacBook?!

UKSecurityGuy wrote: Like they always say - the more you know, the more paranoid you become...

That describes me!!!

Someone correct me if I'm wrong, but I think the window for these attacks is fairly small.

It depends on what you define as small. I've heard of a cold boot attack (http://en.wikipedia.org/wiki/Cold_boot_attack) performed on live systems (super cool the RAM, then rip it out of the system, and transplant it into a live system) which lasts for long enough to scan for the encryption keys. Once you've got the keys, you can perform offline decryption of the HDD, or (depending on the encryption software) just re-type the password into the compromised machine.

There was something in the news - can't find it - about this a few weeks ago.

Tom, like we've all been saying for a while now, it all depends on who your threat actors are. In your case, the threat actor is mostly Joe Blogs from the street, so as long as you have some kind of FDE you're probably safe.

Well, any FDE is better than none, but I guess what has me worried is having a "false sense of security" about my security and privacy.

As discussed in another thread, a lot of people assume if they use something like HideMyAss that they are "anonymous", when in reality one hacker is doing jail time because HideMyAss ratted him out?!

Well, I have come across a few sources online this weekend that talk about hidden "backdoors" in FDE software, and that the Feds coerce manufacturers of FDE to write "backdoors" to allow them access. (Sounds like a Dick Cheney kind of plot...)

How in the hell can I trust TrueCrypt or Apple's FileVault2 and not worry that if someone really wanted to get access (e.g. Law Enforcement or The Feds) that I wouldn't be a dead duck like that HideMyAss privacy breach??? >:(

That "conspiracy" combined with the link I provided above where FileVault2 was f***ing with you during install and stayed checked as "Use my AppleID for password recovery" bugs me to no end...

And again, what's the feasibility of a cold-boot attack? Look at the details of that attack; you can't just stick a laptop in a freezer. If someone with those kinds of resources is after your data, they'll probably sooner resort to a rubber hose attack.

Last edited by dynamik on Tue Apr 23, 2013 6:23 pm, edited 1 time in total.

I didn't take notes on everything I read from this weekend, but as a whole, everyone's comments from across the Internet left me feeling not so confident with TrueCrypt - especially for Mac.

And again, what's the feasibility of a cold-boot attack? Look at the details of that attack; you can't just stick a laptop in a freezer. If someone with those kinds of resources is after your data, they'll probably sooner resort to a rubber hose attack.

I agree.

My biggest fear is undocumented "Back Doors" that would let in Law Enforcement, or in my case, Apple...

I am also increasingly worried about trusting an FDE solution when in fact I am ignorant on the real issues and it turns out that whatever I chose has gaping holes in it.

It is analogous to people who blindly trusted HideMyAss and then ended up in jail. (Not that I am feeling sorry for hackers, but you see what I mean...)

I find it funny that every day I learn more about security, the more INsecure I feel.

You would think that after learning about Mobile Hotspots, Personal VPN's and FDE, that I would be feeling much safer.

But with every turn, I see how complicated these things really are, and all of the places where "one slip" could really screw you and your data up!!!

I have the Hotspot and Personal VPN issue taken care of, and if I can just find a bullet-proof choice for FDE, then I think I am much better off than I was before.

But I don't want to blindly adopt something because some punk in an Apple store says, "Trust me, this can never fail" when it turns out that he doesn't know what in the hell he is talking about, and me and my data end up on the 6 O'clock news?!

Since I will be buying a new MacBook, should I just use the native FileVault 2, or should I venture off and try something like Symantec's PGP??

(FileVault 2 would likely be less system intensive, but I don't know if it is more secure...)